How can govt make sure your data is safe?

Agents at several enrolment agencies are willing to part with demographic records collected from Aadhaar applicants for Rs 2-5.

Nandan Nilekani‘s trailblazing biometric ID system, apparently modelled on first FBI directorJ Edgar Hoover‘s massive central database of fingerprints, is in spotlight after reports of a cyber attack which leaked Aadhaar data. A report by The Tribune had claimed that one of its reporters paid just Rs 500 to an ‘online agent’ to access names, addresses, PINs, photos, phone numbers and emails of more than 1 million numbers.

However, an India Today investigation has revealed that the Aadhaar data breach racket is not merely online, but could be widespread with agents at several enrolment agencies willing to part with demographic records collected from Aadhaar applicants for Rs 2-5.

Enrolment agencies are entities hired by the Registrars for enrolment of residents during which demographic and biometric data are collected as per UIDAI enrolment process, according to uidai.gov.in.

One such enrolment agency is Alankit Assignments Limited, located in Faridabad. “You can see for yourself,” said Alankit’s branch head Ishpal Singh when asked is this Aadhar data as he planked an entire file of 250 applicants on his desk.

YOUR CHOICE- SCAN THROUGH OR COPY DATA

“I can give you data of 15,000 applicants for Rs 30,000,” a brazen Singh, who is the branch head of Alankit, told India Today reporters, who posed as businessmen seeking to expand their database of potential customers. He was ready to provide an applicant’s name, address, birth date, mobile numbers and email for merely Rs 2.

Subsequently, Singh advised the India Today reporters to copy down every bit of information from his dossiers right there. “I will give you a bundle of 250 forms (application acknowledgements). I have records of 50,000 applicants. You can note down all the data.”

The probe shows how Section 28 of the Aadhaar Act, which states that the UIDAI must ensure the security and confidentiality of identity information and authentication records, is brazenly flouted. “The Authority shall adopt and implement appropriate technical and organisational security measures, and ensure the same are imposed through agreements/arrangements with its agents, consultants, advisors or other persons,” Section 28 further states.

PRIVACY GONE FOR A TOSS

Nilekani, the architect of Aadhaar, had vouched for its security last April. “It’s a very, very secure system. The level of encryption that Aadhaar has is way above any other system today, including in the private sector. Plus, security keeps getting enhanced,” he had said.

Another enrolment centre at Indirapuram, Ghaziabad, was willing to sell data of 4-5 lakh applicants. Senior official Ashish Gupta offered the database not only from this facility, but also from three others under his command in Delhi.

“I’ll get the data on an Excel sheet,” Gupta replied when asked if he could offer information about all the applicants in Indirapuram. He is ready to provide all this data for Rs3-5 per applicant.

An Aadhaar enrolment centre at Sector 10, Noida, was no different with the main agent, Sonu, demanding Rs 4-5 per applicant. “I have made 40,000 Aadhaar cards so far.” He offered PDF copies of acknowledgements of applicant’s information.

These agents are operating with blatant disregard for the Aadhaar Act. Section 37 of the Act says “intentional disclosure or dissemination of identity information, to any person not authorised under the Aadhaar Act, or in violation of any agreement entered into under the Act, will be punishable with imprisonment up to three years or a fine up to ten thousand rupees (in case of an individual), and fine up to one lakh rupees (in case of a company)”

Whittaker had earlier said, “ICYMI. India has a national ID database with the private information of nearly 1.2 billion nationals. It’s reportedly been breached. Admin accounts can be made and access can be sold to the database, reports BuzzFeed.”

The UIDAI on Thursday said the Aadhaar data including biometric information is fully safe and secure.

It termed The Tribune report titled ‘Rs 500, 10 minutes, and you have access to billion Aadhaar details’ as a case of misreporting.

“There has not been any Aadhaar data breach. The Aadhaar data including biometric information is fully safe and secure,” the UIDAI said in a statement.

This development has come at a time when the Supreme Court is set to begin the final hearing of petitions challenging the legality of Aadhaar programme based on privacy concerns on January 17.

In August 2017, the Supreme Court held that privacy is a fundamental right under the Constitution of India.

Aadhaar is an Orwellian project that is unconstitutional and deserves to be scrapped. But Supreme Court has been dragging its feet and giving unreasonable time to Indian government to force Aadhaar upon maximum number of Indians.

Once the biometric have been blocked and Aadhaar is delinked from all government and private services, ask UIDAI, Indian government and Supreme Court to destroy your biometric to prevent any future misuse of the same.

Cyber security of Aadhaar and its biometric database is very poor by design and implementation. It is better to safeguard you interests, including your civil liberties, than being sorry in future. So start blocking your biometric at UIDAI, delink Aadhaar from all services and demand for destruction of biometric from all places.

The Constitution of India and your Fundamental Rights empower you to take all these actions. Neither Indian government nor Supreme Court of India can restrict you from doing above mentioned three activities of blocking, delinking and destruction of biometric database of Aadhaar.

Related posts

Indian Overseas Bank had the maximum of 15 such cases wherein Rs 5.89 lakh were siphoned off, followed by State Bank of India.

By- Sunny VermaAndhra Bank witnessed four such cases wherein Rs 4,20,098 was withdrawn from customers’ accounts using their Aadhaar details without their knowledge.

Five recent cases of money being fraudulently withdrawn from customers’ bank accounts have come to light at two public sector banks, where the fraud was perpetrated using the customers’ Aadhaarnumber linked with the accounts

While Andhra Bank witnessed four such cases wherein Rs 4,20,098 was withdrawn from customers’ accounts using their Aadhaar details without their knowledge, Syndicate Bank saw one such case where Rs 1,21,500 was withdrawn. The amount involved was subsequently returned by the banks to the customers.

Besides these cases, the banking “department has received 20 complaints of bank frauds involving Rs 7.65 lakh connected with linking Aadhaar with bank accounts since 2015,” finance minister Arun Jaitley said in a reply to a question in Lok Sabha on Tuesday. These 20 cases involve five banks, where money was siphoned off in Aadhaar-linked accounts. While in the first five cases banks have returned the money to customers, it is not immediately clear whether money was returned in other 20 cases.

Indian Overseas Bank had the maximum of 15 such cases wherein Rs 5.89 lakh were siphoned off, followed by State Bank of India, which had two cases involving Rs 80,500 and UCO Bank involving Rs 95,250 in one case, according to the information presented in Lok Sabha. So far, there have been 25 recorded cases involving Rs 13.06 lakh worth of money being fraudulently withdrawn from bank accounts linked with Aadhaar, according to two sets of data collated from the finance ministry.

“For customer protection, zero liability of a customer is assured vide Reserve Bank of India’s (RBI) circular dated 6th July, 2017 in all cases of a third party breach where the deficiency lies neither with the bank nor with the customer but lies elsewhere in the system and the customer notifies the bank within three working days of receiving the communication from the bank regarding the unauthorised transaction,” Jaitley said in the reply.

“On being notified by the customer, the bank shall credit (shadow reversal) the amount involved in the unauthorised electronic transaction to the customer’s account within 10 working days from the date of such notification…,” he said.

Linking of Aadhaar with bank accounts, insurance policies and Permanent Account Number (PAN), among others, has been made mandatory by the government. The Prevention of Money Laundering Rules 2005 as amended on June 1, 2017 and subsequently from time to time also require Aadhaar identification by various reporting entities, including banks, financial institutions and other intermediaries.

As on December 15, 2017, out of 106.41 crore current account and savings account, 82.47 crore accounts are seeded with Aadhaar. Within these, out of 30.76 crore Pradhan Mantri Jan Dhan Yojana accounts, 22.58 crore accounts have been seeded with Aadhaar as on December 20, 2017, finance ministry data said.

It is not clear how the money was fraudulently withdrawn from the customers’ accounts using the customers’ Aadhaar number. “It is possible that the funds were withdrawn using the Aadhaar Enabled Payment System (AEPS) from these bank accounts without the knowledge of the account holder,” said a banker at another bank, asking not to be named.

A senior official with the UIDAI, who asked not to be named, said: “There has been no data breach at the end of the UIDAI. These cases of fraudulent withdrawal are more in the nature of online banking frauds wherein gullible customers happen to share their confidential details with fraudsters over the phone or internet.”

An official query sent to the UIDAI spokesperson on December 22, followed up with several phone calls, did not elicit any response. Department of Financial Services, Andhra Bank and Syndicate Bank did not respond to queries sent on December 19, December 19 and December 4, respectively.

Meanwhile, the UIDAI has filed 30 FIRs till date, for violation of the Aadhaar Act, 2016, Minister of State for Electronics and Information Technology Alphons Kannanthanam said in reply to a query in Lok Sabha last month.

Apart from linking with bank accounts and mobile numbers, Section 139AA of the Income Tax, 1961, effective July 1, requires all taxpayers having Aadhaar number or enrolment number to link it with PAN. The deadline for linking Aadhaar with PAN has been extended till March 31, 2018.

Till November 30, UIDAI has notified 252 schemes from various ministries under Section 7 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016. Section 7 requires use of Aadhaar as condition precedent for services and benefits flowing from Consolidated Fund of India, provided no service/benefit is denied for want of Aadhaar.

After being denied information requested through an RTI, activists have written to panel chairperson Justice B.B. Srikrishna demanding access to details on meetings held.

The National Campaign for Peoples’ Right to Information (NCPRI) has written to Justice Srikrishna expressing concern about the lack of information in the public domain about the functioning of the committee of experts (chaired by Justice Srikrishna) examining the data protection framework for India.

The letter highlights that information about the functioning of the committee of experts in terms of the dates of the meetings, the agenda of the meetings and most importantly the minutes of the meetings is not available in the public domain. Access to information on the agenda of the meetings and minutes of the meeting has been denied under the RTI law by MeitY stating that “This information currently is not in public domain”.

Further, the text of the draft Data Protection Bill circulated by MietY which is being considered by the committee is also not publicly available.

It said denial of information by the ministry was in violation of the RTI Act as there is no legal provision to deny information merely because it is not in the public domain. “Information can only be denied if it is exempt under section 8 or 9 of the RTI law. While we are following the formal channels of appeal under the RTI Act, we request you to kindly take steps to ensure that information about the functioning of the committee is placed in the public domain,” the letter said.

Making a mention of the note presented by the attorney general to the Supreme Court in the ongoing cases related to Aadhaar, the NCPRI said it appeared that the committee was in possession of and considering a draft Data Protection Bill circulated by the the ministry. Since this draft Bill was also not available in the public domain, it urged the committee chief to make it public.

The Campaign said since the work of the committee of experts was “crucial to ensure that a well thought out and widely debated framework for data protection is created for India”, transparency in its functioning will “boost public trust in this pre-legislative mechanism and will encourage people to engage with the issue of data protection”.

Related posts

I went to Maharashtra as I along with other activists and intellectuals were invited to come there. I along with others was a guest there. And I would remember fondly the love and support that I received in Pune and Mumbai. I would remember the resilience and enthusiasm of the people I met and their resoluteness to fight Manuvaad and centuries old casteist tyranny. I would remember the immense inspiration that I felt, when we paid homage to Jyotiba Phule and Savitribai Phule in Phule-wada, Pune. And, No I will not let two days of media trials by a few TV anchors, who are more of professional howlers, spoil these wonderful memories. I will not let their criminal cacophony and mindless vilification of me, Jignesh & others shadow my beautiful memories of Maharashtra.

The state of Maharashtra as well as the rest of the country is at a critical juncture today. On the one hand are forces in power who want to push our country back to many centuries and on the other are people who are resisting this Neo-Peshwahi, the casteist-communal-fascist regime of BJP-RSS. In my speech at Elgar Parishaad on 31st December 2017, I had said that the year 2018 is going to be a very challenging one. The last 3 and half years of the Modi Sarkar has exposed the BJP’s jumlas of Ache Din and Vikas as hollow, bitter and brutal lies.

As the General Elections of 2019 approach, BJP/RSS will now resort to creating civil strife amongst the people, polarising them on the basis of caste and religion and unleashing attacks on muslims and Dalits. The developments over the last few days vindicate me, a little too soon. Several regions of Maharashtra are in the midst of an acute agrarian distress. Both Marathas and Dalits are victims of this agrarian crisis that has been precipitated by the policies of both Modi and Fadnavis. The BJP/RSS regime has no resolution to offer to the farmers of Maharashtra. Therefore, unleashing attacks on Dalits through their hoodlums and portraying it as a caste clash between Dalits & Marathas will remain their only strategy.

The attack on the Bhima Koregaon gathering happening a day after the Elgar Parishad in Shanivarvada, Pune is also not surprising. Contrary to what is being portrayed, the Elgar Parishad was not a gathering of only Dalits and Ambedkarites. Yes, they were in the forefront but there were left, adivasi, farmers, minority, women & even Maratha organisations. The historic conference witnessed an incipient unity of the oppressed, that spoke about caste atrocities, agrarian distress, attacks on minorities, attack on adivasis, and the cannibal economic policies of the current regime. Thus, the desperate attacks and desperately vicious media campaign!

A section of the ‘media’ ran a vicious trial where they tried to implicate me and Jignesh as the culprits who had “incited violence”. The ridiculousness of this shrill campaign is apparent from the fact that there are videos of the attack where those brandishing saffron flags can be seen attacking Dalits. Their exclusive focus on the two of us is just an effort to divert our attention away from the real culprits – the likes of Shambhaji Bhide and Milind Ekbote. And mind you, these are no fringe elements. Bhide is admired by no one less than PM Modi himself who claims to be inspired by him and described him in January 2014 as a “Mahapurush” and “Tapasvi”. The current CM of Maharasthra was also on the stage when Modi made these comments.
But then these channels are not worthy to be called as new channels, they are stooges of the Modi Sarkar funded and patronised by BJP. They are only doing their duty – i.e., lying and fabricating news to shield their ideological brethren. These channels announced to their viewers that our speeches were provocative and had led to the violence.

They scanned both our speeches hard, only to be left lurching in the vain (both of our speeches are in the public domain, and you can access them too). Finally, they played a small excerpt from Jignesh’s speech where he had said that we need “sadko ki ladai” to end caste and class oppression. Voila, the formula was cracked. The “street war”, the “caste clash” happening across Maharashtra was therefore Jignesh’s doing! Dimwits that they are, they don’t even understand metaphors. Let me explain to them what “sadko ki ladai” looks like.

The country-wide student movement against the banning of the Ambedkar-Periyar Study Circle in IIT-Madras, the historic 100 day strike by FTII students, the historic 114 day #OccupyUGC movement against the funds cuts in education, the spectacular movement demanding #JusticeForRohith, the celebratory #StandWithJNU movement, the rage-filled movement of the female students of BHU, the spirited student agitation against fee hikes in Punjab University – this is what “sadko ki ladai” looks like.

Wait, there is more! The outpouring of the Dalit rage for self-respect & dignity in Una, Saharanpur and now across Maharashtra; country-wide protests against lynchings of muslims; the farmer rallies and the Workers’ Mahapadav is what opposition on the streets looks like. When the Modi Sarkar came to power, it was said that there is no formal opposition left in the country. But despite and in-spite of that, people came out on the streets repeatedly & showed this fascist regime what real opposition looks like.

These channels might have chosen to vilify these movements, or blacked them out from the TV screens. But, these have haunted their master terribly and given him many sleepless nights. He knows, that on the ground, away from the TV screens these movements are now coming together & uniting. He is even more sleep deprived. He knows that this unity will prove to be his undoing. He has therefore deputed these TV anchors – 21st century version of Goebbels – to brand, threaten, silence and scare us into submission. But it is they who are scared – scared of our unity, our conviction and vision of an India of Bhagat Singh and Ambedkar’s dream. Let me end by explaining their fear in the words of the poet Gorakh Pandey –

As many as 9,474 students committed suicide in 2016–almost 26 every day–according to this reply to the Lok Sabha (lower house of Parliament) by H G Ahir, minister of state for home affairs, on January 2, 2018.

Student suicides in the country have increased 52%–from 17 every day (6,248) in 2007 to 26 every day in 2016, data show.

Over 75,000 students have committed suicides over the last 10 years in India between 2007 and 2016.

Failure in examinations led to 2,413 suicides by students in 2016–or seven every day–accounting for 25% of student suicides. Over 23,000 student suicide deaths in India (30%) have been attributed to failure in examinations between 2007 and 2016.

India has one of the world’s highest suicide rates for youth aged 15 to 29, according to a 2012 Lancetreport, IndiaSpendreported on April 6, 2017.

“The popular perception is that failing exams or inability to cope with academics is the primary reason for student suicides,” Shaibya Saldanha, co-Founder of Enfold India, an NGO which works with children and adolescents, had toldIndiaSpend. “This is rooted in a sense of helplessness or extreme frustration.”